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AMENDMENTS TO THE CLAIMS 
This listing of claims will replace all prior versions, and listings, of claims in the application: 
1. (previously presented) A method of assigning a network address to a host based on 

authentication for a physical connection between the host and an intermediate device, the 

method comprising the computer-implemented steps of: 

receiving, at a router hosting an authenticator process for the host, from a first server that 
provides authentication and authorization, in response to a request for 
authentication for the physical connection, first data indicating at least some of 
authentication and authorization information; 

receiving, at a DHCP relay agent process of the router, from the host, a DHCP discovery 
message for discovering a logical network address for the host; 

generating at the DHCP relay agent process a second message that comprises the DHCP 
discovery message and the first data; and 

sending the second message from the DHCP relay agent process to a DHCP server that 
provides the logical network address for the host; 

wherein generating the second message further comprises sending a third message, from 
the authenticator process to the relay agent process, that contains at least some of 
the authentication and authorization information based on the first data. 



2. (canceled) 



3. (previously presented)A method as recited in Claim 1, wherein: 

the step of generating the second message further comprises the steps of: 

storing second data based on the first data by the authenticator process; and 
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retrieving the second data by the relay agent process in response to said step of 

receiving the first message. 

4. (original) A method as recited in Claim 1, wherein the first server is an authentication, 
authorization and accounting server. 

5. (original) A method as recited in Claim 4, wherein the first server is a RADIUS protocol 
server. 

6. (previously presented) A method as recited in Claim 1, wherein the physical connection 
comprises an Ethernet interface card on the router. 

7. (original) A method as recited in Claim 1, wherein the physical connection comprises a 
wireless Ethernet encryption key and time slot. 

8. (original) A method as recited in Claim 1, wherein the request for authentication is based 
on an Institute of Electrical and Electronics Engineers (IEEE) 802. lx standard. 

9. (canceled) 

10. (original) A method as recited in Claim 1, wherein: 

the first data includes user class data indicating a particular group of one or more 

authorized users of the host; and 
said step of generating the second message is further based on the user class data. 
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11. (original) A method as recited in Claim 1, wherein: 

the first data includes credential data indicating authentication is performed by the first 
server; and 

said step of generating the second message is further based on the credential data. 



12.-25. (canceled) 



26. (previously presented) An apparatus for assigning a network address to a host based on 
authentication for a physical connection between the host and an intermediate device, 
comprising: 

means for receiving, at a router hosting an authenticator process for the host, from a first 
server that provides authentication and authorization, in response to a request for 
authentication for the physical connection, first data indicating at least some of 
authentication and authorization information; 

means for receiving, at a DHCP relay agent process of the router, from the host, a DHCP 
discovery message for discovering a logical network address for the host; 

means for generating at the DHCP relay agent process a second message that comprises 
the DHCP discovery message and the first data; and 

means for sending the second message from the DHCP relay agent process to a DHCP 
server that provides the logical network address for the host; 

wherein generating the second message further comprises sending a third message, from 
the authenticator process to the relay agent process, that contains at least some of 
the authentication and authorization information based on the first data. 
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27. (previously presented) An apparatus for assigning a network address to a host based on 
authentication for a physical connection between the host and an intermediate device, 
comprising: 

a network interface that is coupled to a data network for receiving one or more packet 

flows therefrom; 
a physical connection that is coupled to the host; 
a processor; 

one or more stored sequences of instructions which, when executed by the processor, 
cause the processor to carry out the steps of: 

receiving, at an authenticator process for the host, through the network interface 
from a first server that provides authentication and authorization, in 
response to a request for authentication for the physical connection, first 
data indicating at least some of authentication and authorization 
information; 

receiving, at a DHCP relay agent process, through the physical connection from 
the host, a DHCP discovery message for discovering a logical network 
address for the host; 

generating at the DHCP relay agent process a second message that comprises the 

DHCP discovery message and the first data; and 
sending through the network interface the second message from the DHCP relay 

agent process to a DHCP server that provides the logical network address 

for the host; 
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wherein generating the second message further comprises sending a third message, from 

the authenticator process to the relay agent process, that contains at least some of 

the authentication and authorization information based on the first data. 

28. (previously presented) A computer-readable storage medium carrying one or more 
sequences of instructions for assigning a network address to a host based on 
authentication for a physical connection between the host and an intermediate device, 
which instructions, when executed by one or more processors, cause the one or more 
processors to carry out the steps of: 

receiving, at a router hosting an authenticator process for the host, from a first server that 
provides authentication and authorization, in response to a request for 
authentication for the physical connection, first data indicating at least some of 
authentication and authorization information; 

receiving, at a DHCP relay agent process of the router, from the host, a DHCP discovery 
message for discovering a logical network address for the host; 

generating at the DHCP relay agent process a second message that comprises the DHCP 
discovery message and the first data; and 

sending the second message from the DHCP relay agent process to a DHCP server that 
provides the logical network address for the host; 

wherein generating the second message further comprises sending a third message, from 
the authenticator process to the relay agent process, that contains at least some of 
the authentication and authorization information based on the first data. 
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29. (previously presented) An apparatus as recited in Claim 26, wherein the means for 
generating the second message further comprises means for storing second data based on 
the first data by the authenticator process, and means for retrieving the second data by the 
relay agent process in response to said step of receiving the first message. 

30. (previously presented) An apparatus as recited in Claim 26, wherein the physical 
connection comprises any one of an Ethernet interface card, and a wireless Ethernet 
encryption key and time slot. 

31. (previously presented) An apparatus as recited in Claim 26, wherein the request for 
authentication is based on an Institute of Electrical and Electronics Engineers (IEEE) 
802. lx standard. 

32. (previously presented) An apparatus as recited in Claim 26, wherein the first data 
includes user class data indicating a particular group of one or more authorized users of 
the host; and wherein the means for generating the second message comprises means for 
generating the second message based on the user class data. 

33. (previously presented) An apparatus as recited in Claim 26, wherein the first data 
includes credential data indicating authentication is performed by the first server; and 
wherein the means for generating the second message further comprises means for 
generating the second message based on the credential data. 
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34. (previously presented) An apparatus as recited in Claim 27, wherein the instructions for 
generating the second message further comprise instructions for storing second data 
based on the first data by the authenticator process, and instructions for retrieving the 
second data by the relay agent process in response to receiving the first message. 

35. (previously presented) An apparatus as recited in Claim 27, wherein the physical 
connection comprises any one of an Ethernet interface card, and a wireless Ethernet 
encryption key and time slot. 

36. (previously presented) An apparatus as recited in Claim 27, wherein the request for 
authentication is based on an Institute of Electrical and Electronics Engineers (IEEE) 
802. lx standard. 

37. (previously presented) An apparatus as recited in Claim 27, wherein the first data 
includes user class data indicating a particular group of one or more authorized users of 
the host; and wherein the instructions for generating the second message comprise further 
instructions for generating the second message based on the user class data. 

38. (previously presented) An apparatus as recited in Claim 27, wherein the first data 
includes credential data indicating authentication is performed by the first server; and 
wherein the instructions for generating the second message further comprise instructions 
for generating the second message based on the credential data. 
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39. (new) A computer-readable storage medium as recited in Claim 28, wherein generating 
the second message includes storing second data based on the first data by the 
authenticator process and retrieving the second data by the relay agent process in 
response to receiving the first message. 

40. (new) A computer-readable storage medium as recited in Claim 28, wherein the physical 
connection comprises any one of an Ethernet interface card, and a wireless Ethernet 
encryption key and time slot. 

41. (new) A computer-readable storage medium as recited in Claim 28, wherein the request 
for authentication is based on an Institute of Electrical and Electronics Engineers (IEEE) 
802. lx standard. 

42. (new) A computer-readable storage medium as recited in Claim 28, wherein the first data 
includes user class data indicating a particular group of one or more authorized users of 
the host; and wherein generating the second message includes generating the second 
message based on the user class data. 

43. (new) A computer-readable storage medium as recited in Claim 28, wherein the first data 
includes credential data indicating authentication is performed by the first server; and 
wherein generating the second message includes generating the second message based on 
the credential data. 
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